Closed Bug 866608 Opened 11 years ago Closed 6 years ago

integer-overflow in Date.parse not handled

Categories

(Core :: JavaScript: Standard Library, defect)

Product:
Core
Component:
JavaScript: Standard Library
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1493715

People

(Reporter: anba, Unassigned)

References

(Blocks 3 open bugs)

Details

(Whiteboard: [-fsanitize=signed-integer-overflow]) 

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
Build ID: 20130409194949

Steps to reproduce:

test case:
js> Date.parse("Sat Jan 01 107374182499 00:00:00 GMT+0000")
915148800000

Maybe it's better to return NaN instead of 915148800000, but possibly you just close as WONTFIX, since the behaviour is implementation defined in this case. (JSC/V8/IE10/Opera do return NaN.)
Waldo, what do you think we should do here?
Flags: needinfo?(jwalden+bmo)
Given we're looking at signed integer overflow in the implementation here, which in C++ has undefined behavior, we certainly need to fix *something* here.  The exact behavior for the input string is, as comment 0 implies, not all that important, I'd agree.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(jwalden+bmo)
Whiteboard: [-fsanitize=signed-integer-overflow]
Blocks: 919486
Assignee: general → nobody
Component: JavaScript Engine → JavaScript: Standard Library
OS: Windows 7 → All
Hardware: x86_64 → All
Blocks: 1284975
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.